BlackMatter & Haron. iOS fix addressed Pegasus?

Attacks, Threats, and Vulnerabilities

Alert (AA21-209A): Top Routinely Exploited Vulnerabilities (CISA) This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).

I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona (Proofpoint) TA456, an Iranian-state aligned actor, spent years masquerading as the persona “Marcella Flores” in an attempt to infect the machine of an employee of an aerospace defense contractor with malware.

Cyber Attack: Force Majeure at Port Terminals in South Africa to be Lifted ‘Soon’ (Maritime Logistics Professional) South African freight logistic firm Transnet said on Tuesday the force majeure communicated by its port terminals to customers would…

Chatter Indicates BlackMatter as REvil Successor (Flashpoint) BlackMatter is a new ransomware group that claims to be a successor to REvil. They are targeting large (> $100 million and bigger) companies and are actively advertising on top-tier forums such as XSS and Exploit.

BlackMatter ransomware targets companies with revenue of $100 million and more (The Record by Recorded Future) A new ransomware gang launched into operation this week, claiming to combine the best features of the now-defunct DarkSide and REvil ransomware groups, Recorded Future analysts have discovered.

New Haron ransomware gang emerges, borrows from Avaddon and Thanos (The Record by Recorded Future) Malware analysts from South Korean security firm S2W Labs have discovered a new ransomware operation that launched in the cybercrime ecosystem this month that heavily borrows from past ransomware operations such as Thanos and the now-defunct Avaddon.

LockBit ransomware now encrypts Windows domains using group policies (BleepingComputer) A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies.

New Russian-Speaking Forum – A New Place for RaaS? (Kela) A new Russian-speaking forum called RAMP was launched in July 2021 and received much attention from researchers and cybercrime actors. The forum emerged at the domain that previously hosted the Babuk ransomware data leak site and later the Payload.bin leak site. KELA researched the contents of the new site and assessed its chances to succeed.

OSX.XLoader hides little except its main purpose: What we learned in the installation process (Malwarebytes Labs) We dig into OSX.XLoader, also known as X Loader, which is the latest threat to macOS that bears some similarities to novice malware.

Imagine If Hackers Had Found the CDNJS Vulnerability First (PerimeterX) A security vulnerability in Cloudflare’s CDNJS service is a wake up call for online businesses to protect themselves from digital skimming and Magecart attacks.

Cybercriminals launch targeted phishing attacks against Microsoft 365 users (ITProPortal) More than 12,000 Microsoft-related phishing attacks detected in H1 2021

Critical pipelines have reported more than 220 cyber incidents since May TSA directive (CNN) Critical pipeline operators have reported more than 220 cybersecurity incidents since the Transportation Security Administration implemented emergency measures in the wake of the crippling ransomware attack on one of America’s most important pipelines, according to TSA Administrator David Pekoske.

Google Play Protect detects only 31% of Android stalkerware (Atlas VPN) Data presented by the Atlas VPN research team reveals that Android’s internal Google Play Protect service detects only 31% of stalkerware threats.

UC San Diego Health announces data breach (San Diego Union-Tribune) University discovered incident on March 12

Data Breach at UC San Diego Health: Some Employee Email Accounts Impacted (NBC 7 San Diego) UC San Diego Health has fallen prey to a data breach impacting some employee email accounts. Here’s what we know.

UC San Diego Health discloses data breach after phishing attack (BleepingComputer) UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees’ email accounts.

New Report Reveals 76% of Healthcare Systems Failed in Securing Their Supply Chains (CynergisTek) CynergisTek released its fourth annual report, “Maturity Paradox: New World, New Threats, New Focus,” which revealed that most hospitals critically lack the ability to secure their supply chain system

Security Patches, Mitigations, and Software Updates

Apple emergency zero-day fix for iPhones and Macs – get it now! (Naked Security) You’re probably expecting us to say, “Patch early, patch often.” And that is EXACTLY what we’re saying!

Speculation that yesterday’s iOS security fix was for NSO exploit (9to5Mac) Apple yesterday released iOS 14.7.1, with a reference to an iOS security fix for a vulnerability that “may have been actively exploited” …

Apple patches zero-day flaw that hackers may have exploited (CyberScoop) Apple has released updates for its mobile, iPad and computer operating systems, fixing a zero-day flaw that appears to be the subject of active exploitation.

Delta Electronics DOPSoft (Update A) (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: DOPSoft
Vulnerabilities: Out-of-bounds Read

This updated advisory is a follow-up to the original advisory titled ICSA-21-182-03 Delta Electronics DOPSoft that was published July 1, 2021, on the ICS webpage on


CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: KUKA
Equipment: KR C4
Vulnerabilities: Use of Hard-Coded Credentials

Successful exploitation of these vulnerabilities could result in unauthorized access to sensitive information and access to shell.

Mitsubishi Electric GOT2000 series and GT SoftGOT2000 (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 5.9
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric
Equipment: GOT2000 series and GT SoftGOT2000
Vulnerability: Missing Synchronization

Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.

Geutebrück G-Cam E2 and G-Code (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Geutebrück
Equipment: G-Cam E2 and G-Code
Vulnerabilities: Missing Authentication for Critical Function, Command Injection, Stack-based Buffer Overflow

UDP Technology supplies multiple OEMs such as Geutebrück with firmware for IP cameras.


CVSS v3 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas Ltda ME
Equipment: LAquis SCADA
Vulnerability: Cross-site Scripting

Successful exploitation of this vulnerability may allow an unauthenticated remote attacker to access sensitive information or execute arbitrary code.

Delta Electronics DIAScreen (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: DIAScreen
Vulnerabilities: Type Confusion, Out-of-bounds Write

Successful exploitation of these vulnerabilities could crash the device being accessed and may allow remote code execution.

Schneider Electric Modicon Controllers and Software (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect x70, SCADAPack x70 RTUs, and Modicon M580 and M340 control products
Vulnerabilities: Insufficiently Protected Credentials, Authentication Bypass by Spoofing, Deserialization of Untrusted Data, Missing Encryption of Sensitive Data.
This updated advisory is a follow-up to the original advisory titled ICSA-21-194-02 Schneider Electric SCADApack RTU, Modicon Controllers, and Software that was published July 13, 2021, on the ICS webpage on

Successful exploitation of these vulnerabilities may allow arbitrary code execution and loss of confidentiality and integrity of the project file.

AVEVA System Platform (Update A) (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 8.8
ATTENTION: Exploitable from adjacent network/low attack complexity
Vendor: AVEVA Software, LLC
Equipment: System Platform
Vulnerabilities: Missing Authentication for Critical Function, Uncaught Exception, Path Traversal, Origin Validation Error, Improper Verification of Cryptographic Signature
This updated advisory is a follow-up to the original advisory titled ICSA-21-180-05 AVEVA System Platform that was published June 29, 2021, on the ICS webpage on

Successful exploitation of these vulnerabilities, if exploited and chained together, could allow a malicious entity to achieve arbitrary code execution with system privileges or cause a denial-of-service condition.

Mitsubishi Electric GOT (Update A) (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 5.9
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric
Equipment: GOT
Vulnerability: Improper Authentication

This updated advisory is a follow-up to the original advisory titled ICSA-21-112-02 Mitsubishi Electric GOT that was published April 22, 2021, on the ICS webpage on

Mitsubishi Electric Factory Automation Engineering Products (Update D) (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 8.3
ATTENTION: Low attack complexity
Vendor: Mitsubishi Electric
Equipment: Mitsubishi Electric, Factory Automation Engineering products
Vulnerability: Unquoted Search Path or Element

IBM Report: Cost of a Data Breach Hits Record High During Pandemic (IBM News Room) IBM Security announced the results of a global study which found that data breaches now cost surveyed companies $4.24 million per incident on average – the highest cost in the 17-year history of the report.

Report: Supply Chain Cyberattacks (GreatHorn) Download the Report to understand today’s data and trends around supply chain cyberattacks. Find out how to combat these attacks and mitigate risk.

Coalition’s H1 2021 Cyber Insurance Claims Report (Coalition) Our H1 2021 Cyber Insurance Claims Report uses real Coalition data from policyholder claims to highlight the biggest cyber threats organizations face today. You’ll learn about the most common attacks, how to protect yourself, and read expert predictions for the future of cyber.

More than One in Three Organizations Say That They Are Experiencing More Cyberattacks (ISACA) Ransomware attacks have been increasingly in the headlines—and reaching historic levels of impact with the recent Colonial Pipeline and Kaseya attacks.

Risky businesses: Majority of workers take cybersecurity shortcuts, despite knowing dangers (PR Newswire) Workers are engaging in risky behaviors which could put their company’s digital security at risk, despite knowing the dangers, a global survey…

Egress: IT Leaders Rely on Weak Security Protocols Despite Extraordinary Increase in Phishing Threats to Remote Workers (BusinessWire) A new survey of enterprise IT security leaders showed an overwhelming majority–almost 80 percent–believe remote workers are at more risk for phishin

Salt Security “State of API Security” Report Finds API Attack Traffic has Grown at Triple the Rate of Overall API Traffic (PR Newswire) Salt Security, the leading API security company, today released the Salt Labs State of API Security Report, Q3 2021. The latest edition,…


Don’t Panic-Buy Your Cyber Policy: Evaluating New Approaches to Cyber Risk (The National Law Review) Panic-buying made a post-pandemic comeback when a critical channel for gasoline, diesel, and jet-fuel was forced shut down in the wake of a ransomware attack. Suddenly, gas became the new toilet paper

Noetic Cyber Launches with $20M in Funding (Noetic) New entrant to cyber asset management and continuous controls monitoring markets brings innovative approach to fundamental cybersecurity challenge Boston, Ma. – July 28, 2021 – Noetic Cyber, a cloud-based continuous cyber asset management and controls platform, launched today with a total of $20M in funding, including a new Series A round led by Energy Impact […]

Password management platform 1Password raises $100M as business booms (VentureBeat) Password management platform 1Password has raised $100 million in an Accel-led round of funding at a $2 billion valuation.

Cyolo Accelerates Growth with $21 Million Series A Funding to Expand its Zero-Effort Zero-Trust Solutions (PR Newswire) Cyolo, the developer of a Zero Trust Network Access (ZTNA) 2.0 solution for enterprises and organizations, announced today it has secured a $21…

Cyber insurance startup At-Bay raises $185 million at $1.35 billion valuation (CTECH) The startup, which raised $276 million to date, provides insurance for organizations and helps them counter cyber threats

NightDragon Closes $750M Growth Fund as Part of Next-Generation Cybersecurity, Safety, Security, and Privacy Platform (Dark Reading) NightDragon Growth I will focus on investments and advisory services to advance security from silicon to satellite.

AppSec Innovator Invicti Continues Record Growth, Powered by Continued Success in the Enterprise Sector (PR Newswire) Invicti Security™, a global innovator in application security, today announced several significant milestones marking the company’s continued…

What’s going on with the Darktrace share price? (The Motley Fool UK) Jonathan Smith offers his viewpoint on the Darktrace share price, and can’t find enough positive reasons to get him excited about it at current levels.

Cyber job listings excluded Colorado workers after salary transparency law went into effect (CyberScoop) Dozens of technology companies, including several cybersecurity firms, have excluded remote workers in Colorado from searches for job candidates since a state law requiring pay transparency in job listings went into effect. CyberScoop identified at least five cybersecurity firms or tech companies with active security-related job listings excluding Colorado workers from remote work.

Blue Hexagon Recognized by CRN – “The 10 Hottest AI Security Companies You Need to Know” (BusinessWire) Blue Hexagon, a leading agentless cloud-native AI platform, today announces CRN’s recognition of Blue Hexagon in the “10 Hottest AI Security Companies

Group-IB becomes the first cybersecurity company to join JTC’s Punggol Digital District (Business Insider) Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, i…

Armis Appoints Jean English as Chief Marketing Officer (GlobeNewswire News Room) Jean English joins Armis’ executive team to build and scale the marketing organization, spearhead rapid market expansion and drive the company to its next…

NetAbstraction Adds Two Cyber Security Veterans to Advisory Board (PR Newswire) NetAbstraction, the security by obfuscation company, today announced that Jenny Menna, Vice President, Business Cybersecurity Risk at Humana,…

Jay Parikh, Former Facebook VP, Head of Engineering and Infrastructure, Joins Lacework as Co-CEO (PR Newswire) Lacework, the security company for the cloud, today announced Jay Parikh, a technology visionary and longtime industry leader, has joined the…

Welcome Jay Parikh – The New Co-CEO of Lacework – Lacewor (Lacework) Jay will lead our innovation engine, while I focus on our growth, market expansion, and overall business operations.

Jumio Announces Anna Convery as Chief Marketing Officer (BusinessWire) Jumio, the leading provider of AI-powered end-to-end identity verification and eKYC solutions, today announced the addition of Anna Convery as chief m

Drata Names Ross Hosman as Chief Information Security Officer (PR Newswire) Drata, a next-gen security and compliance automation company, today announced the appointment of Ross Hosman as Chief Information Security…

GDIT’s Michael Baker Named WashingtonExec CISO Council Chair (Washington Exec) Michael Baker, staff vice president and chief information security officer for General Dynamics Information Technology, has been appointed as chair of the WashingtonExec CISO Council for 2021-2022.

QinetiQ’s board adds former CSRA chief (Washington Technology) QinetiQ Group’s board of directors elects new member in Larry Prior, the former CSRA CEO and currently at The Carlyle Group.

KnowBe4’s CISO Brian Jack Recognized in 2021 OnCon Icon Awards (Yahoo Finance) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, announced that its CISO Brian Jack has been recognized with a 2021 OnCon Icon Award in the Top 10 Information Security Professional Award category.

Exclusive: Three top execs including Mark Banfield suddenly depart LogicMonitor (CRN) CRO Mark Banfield, EMEA VP Daniela Streng and CFO Ziad Fanous are all departing the vendor

Products, Services, and Solutions

Improved Detection and Hunt capabilities highlight latest release of GreyMatter (ReliaQuest) Read the latest post from ReliaQuest, Improved Detection and Hunt capabilities highlight latest release of GreyMatter.

Announcing Project Pangea: Helping Underserved Communities Expand Access to the Internet For Free (Cloudflare) Half of the world’s population has no access to the Internet, with many more limited to poor, expensive, and unreliable connectivity. This problem persists despite large levels of public investment, private infrastructure, and effort by local organizers.

New Infosec Skills Cyber Range Helps Cyber Pros Upskill, Reskill Hands-On (Infosec) Infosec Institute today announced the release of the next generation of the Infosec Skills cyber range, a scalable training platform where cyber professionals can upskill and reskill inside the operating environments they encounter on the job. Named a 2021 Cyber Defense Magazine Best Product for Cybersecurity Training, Infosec Skills offers 1,200+ hands-on cybersecurity courses and cyber ranges mapped to the NICE Workforce Framework for Cybersecurity and MITRE ATT&CK® Matrix.

Threat Stack Announces Support for Amazon EKS on AWS Fargate (BusinessWire) Threat Stack announced it has expanded its AWS Fargate Security Monitoring to include Amazon Elastic Kubernetes Service (Amazon EKS).

XSOC CORP’s SOCKET Receives UL- 2900 Certification for Securing Encrypted Workflows of Today’s Enterprise and Industrial Connected Devices (BusinessWire) XSOC CORP today announces that its symmetric key exchange product, SOCKET, has received UL 2900-1 Certification. The rapid and secure “exchange” of sy

Encryption as a Central Component of IT Security All too often, the topic of encrypting sensitive data is not examined, or not examined sufficiently, in companies. Yet data encryption is an important component in establishing confidentiality, and the common Windows tools are usually not enough to provide adequate protection.

Falcon X Recon+ Delivers Managed Protection Against Dark Web Threats (CrowdStrike) CrowdStrike announced Falcon X Recon+, a new managed solution that simplifies the process of hunting external threats to brands, employees & sensitive data.

Acronis introduces Advanced File Sync and Share, enabling MSPs to strengthen their work collaboration services (Acronis) For information about Acronis and Acronis’ products or to schedule an interview, please send an email or get through to Acronis’ representative, using media contacts.

Colt further secures hybrid working with new SD-WAN feature (IT Brief) “This marks another stage of Colt’s SD-WAN roadmap to build a comprehensive, fail-safe, SASE enabled solution for secure hybrid working.

GroupSense and Airgap Partnership Helps Companies Prepare for and Defend Against Ransomware Attacks (PR Newswire) GroupSense, a digital risk protection services company, and Airgap, a cybersecurity provider of the industry’s first agentless Ransomware Kill…

Fullstack Academy Advisory Board – Security Advisor Alliance (Security Advisor Alliance) The Security Advisor Alliance is partnering with Fullstack Academy to align the next generation of cybersecurity talent with the needs of the industry.

Technologies, Techniques, and Standards

Ransomware resource claims to have prevented $900m in payments (Silicon Republic) In five years of operation, Europol’s No More Ransom portal has built up a repository of more than 100 ransomware decryption tools.

Design and Innovation

Ivanti to Collaborate with NIST’s National Cybersecurity Center of Excellence (NCCoE) on Implementin (Ivanti) Ivanti, the automation platform that discovers, manages, secures, and services IT assets from cloud to edge, today announced that it has been selected by the National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE) to participate as a collaborator in the Implementing A Zero Trust Architecture project.

Research and Development

ARES Security Corporation Awarded $1.1M DOE SBIR Phase 2 Grant (GlobeNewswire News Room) Vienna, VA, July 27, 2021 (GLOBE NEWSWIRE) — ARES Security Corporation (ARES) is revolutionizing nuclear power plant security by coupling security with…

Legislation, Policy, and Regulation

Opinion | The Cyber Apocalypse Never Came. Here’s What We Got Instead. (POLITICO) Over the past decade, cyber warfare has changed in ways the experts didn’t see coming.

Biden Issues National Security Memorandum On Critical Infrastructure (Breaking Defense) “I think it’s more than likely we’re going to end up, if we end up in a war – a real shooting war with a major power – it’s going to be as a consequence of a cyber breach of great consequence, and it’s increasing exponentially,” President Biden said Tuesday.

National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems (The White House) Protection of our Nation’s critical infrastructure is a responsibility of the government at the Federal, State, local, Tribal, and territorial levels and of the owners and operators of that infrastructure.  The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and…

Background Press Call on Improving Cybersecurity of U.S. Critical Infrastructure (The White House) 6:02 P.M. EDT SENIOR ADMINISTRATION OFFICIAL:  Thank you.  Hey, everyone.  Thank you for joining us on a 6:00 p.m. on a Tuesday evening.  So, you’re joined by senior administration officials today to give you an embargoed preview of a step we’re announcing tomorrow to protect the cybersecurity of our critical infrastructure.  This is embargoed until 9:00…

FACT SHEET: Biden Administration Announces Further Actions to Protect U.S. Critical Infrastructure (The White House) The Biden Administration continues to take steps to safeguard U.S. critical infrastructure from growing, persistent, and sophisticated cyber threats. Recent high-profile attacks on critical infrastructure around the world, including the ransomware attacks on the Colonial Pipeline and JBS Foods in the United States, demonstrate that significant cyber vulnerabilities exist across U.S. critical infrastructure, which is…

Biden: If U.S. has ‘real shooting war’ it could be result of cyber attacks (Reuters) President Joe Biden on Tuesday warned that if the United States ended up in a “real shooting war” with a “major power” it could be the result of a significant cyber attack on the country, highlighting what Washington sees as growing threats posed by Russia and China.

In 1st visit to intel agency, Biden warns of cyber conflict (Las Vegas Sun)

The Cybersecurity 202: Biden plans to expand government’s role protecting key industries from cyberattacks (Washington Post) President Biden will today announce a major program outlining how critical industry sectors such as energy, transportation and agriculture should be protecting themselves against cyberattacks.

Remarks by President Biden at the Office of the Director of National Intelligence (The White House) National Counterterrorism Center, Liberty Crossing Intelligence Campus, McLean, Virginia. THE PRESIDENT: It’s an honor to be here. I guess you all are the ones that lost the lottery, huh? (Laughter.) You had to be here in person. Well, I’d like to thank Director Haines and Director of the National Counterterrorism Center, Christy Abizaid, for showing me around the…

TSA, Transportation Officials Give Insight into New Cybersecurity Mandates for Pipeline Operators Agency leaders expressed a commitment to avoiding duplication of their efforts as lines blur between cyber and physical security.

The New Cybersecurity Executive Order and Its Impact on the Software Industry (Billington CyberSecurity) The May 2021 Executive Order titled “Improving the Nation’s Cybersecurity” addressed the critical need to better secure the software supply chain that our federal government, military and critical infrastructure relies on.

HASC cyber subcommittee pushes mandatory legacy IT audit in defense bill (FCW) The military services could be required to audit its legacy IT systems and software as part of a proposal to be considered in the 2022 defense authorization bill.

Senators Blackburn, Marshall, and Colleagues Urge President Biden to Sanction China, Protect U.S. from Foreign Cyberattacks (U.S. Senator Marsha Blackburn of Tennessee) U.S. Senator Marsha Blackburn along with Senators Roger Marshall, M.D. (R-Kan.), Ted Cruz (R-Texas), and Tom Cotton (R-Ark.) sent a letter to President Biden urging him to respond to the People’s Republic of China state-sponsored cyberattacks with sanctions similar to those implemented against Russian entities. The Senators also demand answers regarding how the Administration will protect the U.S. from further cyberattacks.

Letter to President Biden (Senators Blackburn, Cotton, Cruz, and Marshall) I write regarding the recent Cybersecurity Advisory issued by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) assessing that the People’s Republic of China state-sponsored malicious cyber activity is a major threat to U.S. and Allied cyberspace assets.

A Roadmap On The Geopolitical Impact Of Emerging Technologies (Forbes) This summer, the Atlantic Council’s GeoTech Center published a new bipartisan report of Commission on the Geopolitical Impacts of New Technologies and Data (

GOP Bill Attempts to Inject Life Into Stalled Internet Privacy Talks (Wall Street Journal) Sen. Roger Wicker (R., Miss.) plans Wednesday to introduce a bill for ensuring consumers’ control over personal data collected or processed by companies.

Biden administration officials endorse ransomware reporting rules (The Record by Recorded Future) A handful of key Biden administration officials on Tuesday voiced support for legislation that would mandate certain businesses report ransomware attacks to the government.

Justice Department officials urge Congress to pass ransomware notification law (CyberScoop) U.S. Justice Department officials came out in strong support of legislation requiring companies to report ransomware attacks and other severe data breaches to federal authorities.

Top FBI official advises Congress against banning ransomware payments (TheHill) A senior FBI official advised members of the Senate Judiciary Committee on Tuesday against the idea of banning companies from paying hackers behind ransomware attacks, which have become a national security conc

US Cyber Command touts acquisition advancements (C4ISRNet) While forecasting needs to industry, officials described improvements to the command’s acquisition enterprise.

Litigation, Investigation, and Law Enforcement

Videos Show Disputed Georgian Territory Waging War on Illegal Bitcoin Mines (Motherboard) Abkhazia’s Internal Ministry of Affairs is conducting constant raids and destroying hoards of hidden mining rigs.

Takeaways from the California Attorney General’s First-Year CCPA Enforcement Update (cyber/data/privacy insights) Just over one year ago, on July 1, 2020, the California attorney general began enforcing the California Consumer Privacy Act. To mark the one-year anniversary of enforcement actions, California Attorney General Rob Bonta provided an update on his office’s CCPA enforcement efforts over the past year

WeChat suspends new user registrations to comply with Chinese laws (Verdict) Tencent-owned WeChat has suspended new user registrations in China while it upgrades its security to comply with “relevant laws and regulations”.

FBI tracking more than 100 active ransomware groups (NBC News) The FBI is tracking more than 100 active ransomware groups, an agency official said Tuesday. The figure, given by Bryan Vorndran,

Ex-Military Analyst Gets 45-Month Sentence for Leaking Classified Drone Information (Wall Street Journal) Daniel Hale, who pleaded guilty earlier this year, said he gave secret government material to journalist because he wanted public to know about civilian casualties of U.S. drone program.

Daniel Hale, who leaked information on U.S. drone warfare, sentenced to 45 months in prison (Washington Post) In 2013, Daniel Hale was at an antiwar conference in D.C. when a man recounted that two family members had been killed in a U.S. drone strike. The Yemeni man, through tears, said his relatives had been trying to encourage young men to leave al-Qaeda.

Ex-Intelligence Analyst Is Sentenced for Leaking to a Reporter (New York Times) The former U.S. contractor admitted to disclosing details of the government’s drone warfare program.

Ex-airman sentenced to 45 months for leaking drone info (Air Force Times) Hale described himself as racked with angst over the role his actions may have played in the taking of innocent lives.

Former eBay employee gets 18 months in prison for ‘abominable’ cyberstalking campaign (Reuters) A former supervisor for security operations at eBay Inc (EBAY.O) was sentenced on Tuesday to 18 months in prison for his role in a cyberstalking campaign that targeted a Massachusetts couple whose online newsletter was viewed as critical of the e-commerce company.

Ex-EBay Security Manager Gets 1 1/2 Years for Cyberstalking (Bloomberg) Philip Cooke took part in macabre plot to scare blogger. Cooke had spent 27 years with Santa Clara Police Department.
